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AMENDMENTS TO THE CLAIMS 



1 . (Currently Amended) A method for a first Web service client provid e r to invoke a 
service hosted on a second Web service client provid e r on behalf of a principal in a 
5 computer environment, comprising the steps of: 

said principal logging in with a discovery service; 

said discovery service passing to said principal an identity assertion associated 
with said principal and a discovery service descriptor associated with said discovery 
service for use by discovery service pr i nc i pal for future authentication; 
10 said principal authenticating using said identity assertion and using said 

discovery service descriptor at said first a -Web service client, said first Web service 
client linking to and representing a desired commerce site of said princ i pal ; 



first Web service client requesting a first service descriptor associated with said first 
15 Web service and a first service assertion associated with said first Web service from 
said discovery service; 

in response to receiving said first service descriptor and said first service 
assertion, said first Web service client invoking a desired service at said first Web 
service; 

20 upon said first Web service determining a need to invoke a second desired 

service at a second Web service, said second f ifs^Web service requesting from said 
first Web discov e ry service a second service descriptor associated with said second 
Web service and a second service assertion associated with said second Web service; 
and 

25 in response to receiving said request for said second service descriptor and said 

second service assertion, said discovery service concatenating addifto-said second 
service assertion to said first service assertion and subsequently passing said first 
service assertion and said second service assertion d e scr i ptor to said second Web 
service via said first Web service; 




in response to an action related to said desired commerce 



;ite, said 
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in response to receiving said first service assertion and second service assertion, 
d e scriptor, said first Web service invoking said desired second service at said second 
Web service., 

wherein said second Web service obtains chained assertions from said first Web 
5 service, wherein said first Web service obtains said chained assertions from said 
discovery service, wherein said chained assertions comprise said identity assertion and 
said discovery service descriptor sent to said discovery service by said principal . 

2. (Original) The method of Claim 1, wherein said first Web service invokes one or 
10 more services hosted on one or more Web servers. 

3. (Original) The method of Claim 1, wherein said Web service client, said 
discovery service, said first Web server, and said second Web server are members of a 
federation relationship in which each member trusts said discovery service. 

15 

4. (Original) The method of Claim 1 , wherein said service assertion is any of, but 
not limited to: 

a ticket; 
a token; 

20 is notarized by said discovery service; and 

is certified by said discovery service. 

5. (Previously Presented) The method of Claim 4, wherein said service assertion is 
implemented using any of, but not limited to: 

25 a string; 

a certificate; 
a public key; and 

discovery keys wherein the discovery service has copies of the keys. 

30 6. (Original) The method of Claim 1 , wherein said service descriptor comprises any 
of, but not limited to: 
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a URL; 

a String; and 

a Simple Object Access Protocol (SOAP) address for Web services. 

5 7. (Currently Amended) An apparatus for a first Web service provider to invoke a 
service hosted on a second Web service provider on behalf of a principal in a computer 
environment, comprising: 

means for said principal logging in with a discovery service; 
means for said discovery service passing to said principal an identity assertion 
10 associated with said principal and a discovery service descriptor associated with said 
discovery service for use by principal for future authentication; 

means for said principal authenticating using said identity assertion and using 
said discovery service descriptor at a Web service client, said Web service client linking 
to and representing a desired commerce site of said principal; 
15 in response to an action related to said desired commercial site, means for said 

Web service client requesting a first service descriptor associated with said first Web 
service and a first service assertion associated with said first Web service from said 
discovery service; 

in response to receiving said first service descriptor and said first service 
20 assertion, means for said Web service client invoking a desired service at said first Web 
service; 

upon said first Web service determining a need to invoke a second desired 
service at a second Web service, means for said first Web service requesting from said 
discovery service a second service descriptor associated with said second Web service 
25 and a second service assertion associated with said second Web service; and 

in response to receiving said request for said second service descriptor and said 
second service assertion, means for said discovery service concatenating a ddmq-said 
second service assertion to said first service assertion and subsequently passing said 
first service assertion and said second service descriptor to said first Web service; 
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in response to receiving said first service assertion and second service 
descriptor, means for said first Web service invoking said desired second service at said 
second Web service. 

5 8. (Original) The apparatus of Claim 7, wherein said first Web service invokes one 
or more services hosted on one or more Web servers. 

9. (Original) The apparatus of Claim 7, wherein said Web service client, said 
discovery service, said first Web server, and said second Web server are members of a 

10 federation relationship in which each member trusts said discovery service. 

10. (Original) The apparatus of Claim 7, wherein said service assertion is any of, but 
not limited to: 

a ticket; 
15 a token; 

is notarized by said discovery service; and 
is certified by said discovery service. 

11. (Previously Presented) The apparatus of Claim 10, wherein said service 
20 assertion is implemented using any of, but not limited to: 

a string; 
a certificate; 
a public key; and 

discovery keys wherein the discovery service has copies of the keys. 

25 

12. (Original) The apparatus of Claim 7, wherein said service descriptor comprises 
any of, but not limited to: 

a URL; 

a String; and 

30 a Simple Object Access Protocol (SOAP) address for Web services. 
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13. (Currently Amended) A program storage medium readable by a computer, 
tangibly embodying a program of instructions executable by the computer to perform a 
method for updating address information in a computer environment, the method 
comprising the steps of: 
5 said principal logging in with a discovery service; 

said discovery service passing to said principal an identity assertion associated 
with said principal and a discovery service descriptor associated with said discovery 
service for use by principal for future authentication; 

said principal authenticating using said identity assertion and using said 
10 discovery service descriptor at a Web service client, said Web service client linking to 
and representing a desired commerce site of said principal; 

in response to an action related to said desired commercial site, said Web 
service client requesting a first service descriptor associated with said first Web service 
and a first service assertion associated with said first Web service from said discovery 
15 service; 

in response to receiving said first service descriptor and said first service 
assertion, said Web service client invoking a desired service at said first Web service; 

upon said first Web service determining a need to invoke a second desired 
service at a second Web service, said first Web service requesting from said discovery 
20 service a second service descriptor associated with said second Web service and a 
second service assertion associated with said second Web service; and 

in response to receiving said request for said second service descriptor and said 
second service assertion, said discovery service concatenating add i ng said second 
service assertion to said first service assertion and subsequently passing said first 
25 service assertion and said second service descriptor to said second Web service via 
said first Web service; 

in response to receiving said first service assertion and second service 
descriptor, said first Web service invoking said desired second service at said second 
Web service. 

30 . 
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14. (Original) The medium of Claim 13, wherein said first Web service invokes one 
or more services hosted on one or more Web servers. 

15. (Original) The medium of Claim 13, wherein said Web service client, said 
5 discovery service, said first Web server, and said second Web server are members of a 

federation relationship in which each member trusts said discovery service. 

16. (Original) The medium of Claim 13, wherein said service assertion is any of, but 
not limited to: 

10 a ticket; 

a token; 

is notarized by said discovery service; and 
is certified by said discovery service. 

15 17. (Previously Presented) The medium of Claim 16, wherein said service assertion 
is implemented using any of, but not limited to: 
a string; 
a certificate; 
a public key; 

20 discovery keys wherein the discovery service has copies of the keys; and 

a form of cryptography. 

18. (Original) The medium of Claim 13, wherein said service descriptor comprises 
any of, but not limited to: 

25 a URL; 

a String; and 

a Simple Object Access Protocol (SOAP) address for Web services. 

19. (Currently Amended) A process for a first Web service provider to invoke a 
30 service hosted on a second Web service provider on behalf of a principal in a computer 

environment, comprising the steps of: 
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said principal logs in with a discovery service for subsequent authentication; 

in response to said log in, said discovery service passing an identity assertion 
and a discovery service descriptor to said principal; 

said principal uses said identity assertion and said discovery service descriptor to 
5 access a Web commerce site with a Web service client software interface application; 

said Web service client software interface application requesting a first service 
descriptor and a first service assertion for a first desired service at a first Web server 
from said discovery service; 

in response to receiving said first service descriptor and said first service 
10 assertion from said discovery service, said Web service client software interface 
application invoking said first desired service at said first Web server; 

said first Web server requesting a second service descriptor and a second 
service assertion for a second desired service at a second Web server from said 
discovery service; 

15 on behalf of said principal, said discovery service retaining a footprint of: (1) said 

application requesting said first service descriptor and said first service assertion and 
(2) said first Web server requesting said second service descriptor and said second 
service assertion ; and 

in response to receiving said second service descriptor and said second service 

20 assertion from said discovery service, said first Web server invoking said second 
desired service at said second Web server on behalf of said principal. 

20. (Previously Presented) An apparatus for a first Web service provider to invoke a 
service hosted on a second Web service provider on behalf of a principal in a computer 
25 environment, comprising: 

means for said principal logs in with a discovery service for subsequent 
authentication; 

in response to said log in, means for said discovery service passing an identity 
assertion and a discovery service descriptor to said principal; 
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means for said principal using said identity assertion and said discovery service 
descriptor to access a Web commerce site with a Web service client software interface 
application; 

means for said Web service client software interface application requesting a first 
5 service descriptor and a first service assertion for a first desired service at a first Web 
server from said discovery service; 

in response to receiving said first service descriptor and said first service 
assertion from said discovery service, means for said Web service client software 
interface application invoking said first desired service at said first Web server; 
10 means for said first Web server requesting a second service descriptor and a 

second service assertion for a second desired service at a second Web server from 
said discovery service; 

in response to receiving said second service descriptor and said second service 
assertion from said discovery service, means for said first Web server invoking said 
15 second desired service at said second Web server on behalf of said principal; and 

means for retaining a footprint of requested services, wherein said footprint 
contains both said first service assertion and said second service assertion. 

21. (Currently Amended) A program storage medium readable by a computer, 
20 tangibly embodying a program of instructions executable by the computer to perform a 
method for updating address information in a computer environment, the method 
comprising the steps of: 

said principal logs in with a discovery service for subsequent authentication; 
in response to said log in, said discovery service passing an identity assertion 
25 and a discovery service descriptor to said principal; 

said principal uses said identity assertion and said discovery service descriptor to 
access a Web commerce site with a Web service client software interface application; 

said Web service client software interface application requesting a first service 
descriptor and a first service assertion for a first desired service at a first Web server 
30 from said discovery service; 
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in response to receiving said first service descriptor and said first service 
assertion from said discovery service, said Web service client software interface 
application invoking said first desired service at said first Web server; 

said first Web server requesting a second service descriptor and a second 
service assertion for a second desired service at a second Web server from said 
discovery service; 

wherein said discovery service maintains a footprint of requested services, 
wherein said footprint contains both said first service assertion and said second service 
assertion; and 

in response to receiving said second service descriptor and said second service 
assertion from said discovery service, said first Web server invoking said second 
desired service at said second Web server on behalf of said principal 

wh e r e in sa i d s e cond W e b serv e r indir e ct l y communicat e s w i th said d i scov e ry 
s e rvic e through said first W e b s e rv e r . 
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